Skip Links

Privacy Protection for Documents Stored in the Cloud Gets DoJ Nod

By Kenneth Corbin, CIO
March 20, 2013 07:36 AM ET

CIO - The Department of Justice is giving a qualified endorsement of an update to a 1986 privacy law that leading cloud-service providers, public-interest groups and others argue is woefully out of step with the current methods of sending and storing communications.

[ALSO: Digital privacy in the big data era]

In testimony before a House subcommittee on Tuesday, Elana Tyrangiel, acting assistant attorney general at the DoJ's Office of Legal Policy, affirmed the Obama administration's support for an overhaul of the Electronic Communications Privacy Act (ECPA) to provide stronger privacy protections for Webmail, documents stored online and other cloud services.

Google, Microsoft and Facebook Join Reform Advocates

Advocates of ECPA reform, including tech heavyweights like Google, Microsoft and Facebook, point to incongruities in the law concerning the ways that law enforcement authorities can access personal communications.

As the law currently stands, authorities can obtain emails and other communications that have been stored with a third-party provider for more than six months on the strength of a subpoena, rather than a warrant issued by a judge.

In spite of periodic updates to ECPA, Tyrangiel says, "many have noted, and we agree, that some of the lines drawn by the statute have failed to keep up with the development of technology and the ways in which we use electronic and stored communications."

"We agree, for example, that there is no principled basis to treat email less than 180 days old differently than email more than 180 days old. Similarly, it makes sense that the statute not accord lesser protection to open emails than it gives to emails that are unopened," she adds.

"Acknowledging these things is an important first step," Tyrangiel says . "The harder question is how to update the statute in light of new and changing technologies while maintaining protections for privacy and adequately providing for public safety and other law enforcement imperatives."

Senate Looks to Revise ECPA

There is also movement in the Senate to overhaul ECPA. The same day that the House Judiciary Committee's subcommittee on crime held its hearing, Sens. Patrick Leahy (D-Vt.) and Mike Lee (R-Utah) introduced a bill to revise the statute, dispensing with the "180-day rule," among other reforms.

When ECPA was enacted, "no one could have imagined just how the Internet and mobile technologies would transform how we communicate and exchange information today," Leahy says in a statement. "Privacy laws written in an analog era are no longer suited for privacy threats we face in a digital world."

Earlier this year, a bipartisan group of House members introduced their own ECPA-reform bill in a bid to strengthen the protections for cloud and location-based services.

The path to revising ECPA has been slowed by the protests of law enforcement agencies, which have warned that reforms undertaken in the name of protecting privacy could impede criminal investigations.

Richard Littlehale, a special agent with the Tennessee Bureau of Investigation, told lawmakers that irrespective of the level of proof required to obtain access to emails and other communications, law enforcement authorities face other, more significant "logistical hurdles," chiefly the failure of service providers to turn over records in a timely fashion.

Our Commenting Policies
Cloud computing disrupts the vendor landscape

 

Latest News
rssRss Feed
View more Latest News